Overview: The World Wide Web Security FAQ

The World Wide Web Security FAQ (Frequently
Asked Questions with answers) provides an overview of Web security issues, security hole
alerts, and practical advice for avoiding unpleasant surprises. It is recommended as a
starting point for exploration.

Security Initiatives at the W3C

The W3C is involved in the development of several
protocols that relate to Web security. Presently, the main areas of work is on the
signed-XML proposed activity. Other related activities include the HTTP/1.1 protocol and
eCommerce. The W3C also produces software reference implementations that demonstrate the
use of security measures.

Digital Signatures

The IETF/W3C have created a joint working group to address XML Signatures.

HTTP/1.1

Electronic Commerce Initiatives

The W3C is involved in several initiatives in the realm of electronic commerce and
secure payments. More information can be found in the Electronic Commerce Interest Group pages.

Reference Implementations

The W3C has implemented Jigsaw, an
HTTP/1.1-compliant Web server written entirely in Java. The source code illustrates the implementation of HTTP
authentication protocols in general, and Digest
Authentication in particular.